{"id":90659,"date":"2023-01-17T21:56:04","date_gmt":"2023-01-17T19:56:04","guid":{"rendered":"https:\/\/factorialhr.com\/blog\/?p=90659"},"modified":"2024-11-22T11:31:27","modified_gmt":"2024-11-22T09:31:27","slug":"california-privacy-rights-act-cpra","status":"publish","type":"post","link":"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/","title":{"rendered":"California Privacy Rights Act (CPRA): Guide for employers"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">There are a number of <\/span><b>data privacy laws<\/b><span style=\"font-weight: 400;\"> around the world, including Europe\u2019s <\/span><b>GDPR <\/b><span style=\"font-weight: 400;\">and Canada\u2019s <\/span><b>PIPEDA<\/b><span style=\"font-weight: 400;\">. These laws aim to <\/span><b>protect citizens and establish guidelines for how businesses can process and handle personal data<\/b><span style=\"font-weight: 400;\">. In the US, the most comprehensive state data privacy legislation is the <\/span><b>California Privacy Rights Act<\/b><span style=\"font-weight: 400;\"> (<\/span><span style=\"font-weight: 400;\">CPRA<\/span><span style=\"font-weight: 400;\">), which became fully operative on January 1, 2023.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In this post, we are going to answer questions like \u201c<\/span><b><i>What is CPRA?<\/i><\/b><span style=\"font-weight: 400;\">\u201d and \u201c<\/span><b><i>How does the California Privacy Rights Act (CPRA) compare to the CCPA<\/i><\/b><b>?<\/b><span style=\"font-weight: 400;\">\u201d. We will also explain which GDPR principles the Act has adopted and provide definitions for terms including \u201c<\/span><b><i>private right of action<\/i><\/b><span style=\"font-weight: 400;\">\u201d and \u201c<\/span><b><i>sensitive personal information<\/i><\/b><span style=\"font-weight: 400;\">\u201d. This will help you comply with the law and reduce the risks associated with non-compliance.<\/span><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<p><a href=\"https:\/\/factorialhr.com\/request-demo\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" class=\"aligncenter wp-image-86553 \" src=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2022\/11\/18151749\/free-demo-300x103.jpg\" alt=\"free demo\" width=\"833\" height=\"286\" srcset=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2022\/11\/18151749\/free-demo-300x103.jpg 300w, https:\/\/factorialhr.com\/wp-content\/uploads\/2022\/11\/18151749\/free-demo.jpg 675w\" sizes=\"(max-width: 833px) 100vw, 833px\" \/><\/a><\/p>\n<p><b><div class=\"js-toc toc\">\n<p class=\"js-toc-title toc__title\">Table of Contents<\/p>\n<nav id=\"fac_toc_nav\" class=\"js-toc-nav toc__nav\" aria-label=\"Table of Contents\"><ol class=\"toc__list toc__list--level-1\"><li class=\"toc-heading-level-2\"><a class=\"toc__link toc-link-heading-1\" href=\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/#what-is-the-california-privacy-rights-act-(cpra)\" title=\"What is the California Privacy Rights Act (CPRA)? \u00a0\" data-target-id=\"what-is-the-california-privacy-rights-act-(cpra)\">What is the California Privacy Rights Act (CPRA)? \u00a0<\/a><\/li><li class=\"toc-heading-level-2\"><a class=\"toc__link toc-link-heading-2\" href=\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/#does-cpra-replace-ccpa\" title=\"Does CPRA replace CCPA?\u00a0\" data-target-id=\"does-cpra-replace-ccpa\">Does CPRA replace CCPA?\u00a0<\/a><\/li><li class=\"toc-heading-level-2\"><a class=\"toc__link toc-link-heading-3\" href=\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/#data-protected-under-the-california-privacy-rights-act-(cpra)\" title=\"Data protected under the California Privacy Rights Act (CPRA)\" data-target-id=\"data-protected-under-the-california-privacy-rights-act-(cpra)\">Data protected under the California Privacy Rights Act (CPRA)<\/a><\/li><li class=\"toc-heading-level-2\"><a class=\"toc__link toc-link-heading-4\" href=\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/#changes-and-expansions-under-the-california-privacy-rights-act-(cpra)\" title=\"Changes and expansions under the California Privacy Rights Act (CPRA)\" data-target-id=\"changes-and-expansions-under-the-california-privacy-rights-act-(cpra)\">Changes and expansions under the California Privacy Rights Act (CPRA)<\/a><\/li><li class=\"toc-heading-level-2\"><a class=\"toc__link toc-link-heading-5\" href=\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/#consumer-rights-under-the-california-privacy-rights-act-(cpra)\" title=\"Consumer rights under the California Privacy Rights Act (CPRA)\" data-target-id=\"consumer-rights-under-the-california-privacy-rights-act-(cpra)\">Consumer rights under the California Privacy Rights Act (CPRA)<\/a><\/li><li class=\"toc-heading-level-2\"><a class=\"toc__link toc-link-heading-6\" href=\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/#obligations\/requirements-for-businesses\" title=\"Obligations\/requirements for businesses\u00a0\" data-target-id=\"obligations\/requirements-for-businesses\">Obligations\/requirements for businesses\u00a0<\/a><\/li><li class=\"toc-heading-level-2\"><a class=\"toc__link toc-link-heading-7\" href=\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/#enforcement-and-penalties\" title=\"Enforcement and penalties\u00a0\" data-target-id=\"enforcement-and-penalties\">Enforcement and penalties\u00a0<\/a><\/li><li class=\"toc-heading-level-2\"><a class=\"toc__link toc-link-heading-8\" href=\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/#california-privacy-rights-act-(cpra)-compliance-tips\" title=\"California Privacy Rights Act (CPRA) compliance tips\u00a0\" data-target-id=\"california-privacy-rights-act-(cpra)-compliance-tips\">California Privacy Rights Act (CPRA) compliance tips\u00a0<\/a><\/li><\/ol><\/nav><\/div><\/b><\/p>\n<h2><b>What is the California Privacy Rights Act (CPRA)? <\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">There is no all-encompassing <\/span><a href=\"https:\/\/factorialhr.com\/blog\/usa-federal-employment-laws\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">US federal employment law<\/span><\/a><span style=\"font-weight: 400;\"> relating to employee data protection in the United States. Instead, there is a vast range of <\/span><a href=\"https:\/\/factorialhr.com\/blog\/data-privacy\/\" target=\"_blank\" rel=\"noopener\"><b>data privacy<\/b><\/a><b> and <\/b><a href=\"https:\/\/factorialhr.com\/blog\/data-security-in-the-us\/\" target=\"_blank\" rel=\"noopener\"><b>data security<\/b><\/a><b> laws<\/b><span style=\"font-weight: 400;\"> that have been enacted on both the <\/span><b>federal and state<\/b><span style=\"font-weight: 400;\"> levels which serve to protect the personal data of U.S. employees and consumers. One such example is the <\/span><b>California Privacy Rights Act (CPRA)<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">So, what is CPRA?<\/span><\/p>\n<p><span style=\"font-weight: 400;\">California is known for its progressive laws, especially those enacted in more recent years. Examples of these trailblazing laws include the <\/span><a href=\"https:\/\/factorialhr.com\/blog\/california-pay-transparency-law\/\" target=\"_blank\" rel=\"noopener\"><b>California Pay Transparency Law<\/b><\/a><span style=\"font-weight: 400;\"> and <\/span>the <b><a href=\"https:\/\/calcivilrights.ca.gov\/family-medical-pregnancy-leave\/\" target=\"_blank\" rel=\"noopener\">California Family Rights Act<\/a> (CFRA)<\/b><span style=\"font-weight: 400;\"> which protects an employee\u2019s right to take <\/span><a href=\"https:\/\/factorialhr.com\/blog\/california-bereavement-leave\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">bereavement leave<\/span><\/a><span style=\"font-weight: 400;\">, amongst other provisions. The CPRA is another example of how the State of California is leading the way in terms of <\/span><b>consumer and workplace protections<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The California Privacy Rights Act (CPRA) is a <\/span><b>US data privacy law<\/b><span style=\"font-weight: 400;\"> targeted at businesses based or operating in the state of California. It was adopted via referendum and went into effect on January 1, 2023. At its core, it aims to <\/span><b>protect data privacy rights<\/b><span style=\"font-weight: 400;\">, including those of employees and consumers. It also <\/span><b>expands on existing privacy data laws<\/b><span style=\"font-weight: 400;\"> (namely, the CCPA which was enacted in 2018) and defines <\/span><b>how businesses must operate when they collect, store, use, and share employee and consumer data<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Specifically, under the CPRA, the citizens of California have gained a number of new rights, including the right to:<\/span><b><\/b><\/p>\n<ul>\n<li><b>Correct personal information<\/b><\/li>\n<li><b>Prevent the use of sensitive personal information<\/b><\/li>\n<li><b>Opt out of personal information being shared with third parties<\/b><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">As the first comprehensive consumer privacy legislation of its kind in the U.S., the CPRA is changing the way companies do business and serves as a potential model for other states looking to improve their data privacy laws.<\/span><\/p>\n<h2><b>Does CPRA replace CCPA?<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Many people confuse the California Consumer Privacy Act (CCPA) with the California Privacy Rights Act (CPRA). However, they are not the same thing.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">CPRA vs CCPA: What&#8217;s the difference?<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The <\/span><a href=\"https:\/\/oag.ca.gov\/privacy\/ccpa\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">California Consumer Privacy Act (CCPA)<\/span><\/a><span style=\"font-weight: 400;\"> is a law that was initially approved in 2018 and went into effect in 2020. This law regulates how businesses collect, store, share, and sell consumers\u2019 personal information and data.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The Consumer Privacy Rights Act (CPRA), approved in 2020, <strong>amends the previously established CCPA law.<\/strong> It outlines additional regulations that businesses must abide by to protect consumer privacy. Recently (as of January 1st, 2023), many of the CPRA\u2019s provisions went into effect. However, much of the law\u2019s enforcement won\u2019t go fully into effect until July 1st, 2023.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let\u2019s take a look at some of the key differences between <\/span><b>CPRA vs. CCPA<\/b><span style=\"font-weight: 400;\"> to help you understand the difference.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The <\/span><b>California Consumer Privacy Act<\/b><span style=\"font-weight: 400;\"> (CCPA) was signed into law in 2018 and went into effect on January 1, 2020. It established a range of business obligations and consumer privacy rights relating to the collection and sale of personal data.\u00a0<\/span><\/p>\n<p><b>This included a consumer\u2019s right to:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Opt out of the sale of their personal data<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Delete personal information collected about and from them<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Nondiscrimination for exercising their CCPA rights\u00a0<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The <\/span><b>California Privacy Rights Act<\/b><span style=\"font-weight: 400;\"> (CPRA), also known as Proposition 24, doesn\u2019t replace the CCPA. Instead, it significantly amends and expands the existing provisions of the CCPA.\u00a0<\/span><\/p>\n<p><b>This includes the right to:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Opt-out of cross-contextual advertising.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Contractual commitments from service providers relating to the protection and use of personal data. This includes how long a business can retain each category of personal data, which should be explained in a company\u2019s public consumer privacy notice.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The protection of employment data, not just consumer data.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The CPRA also <\/span><b>expands the definition of breach liability<\/b><span style=\"font-weight: 400;\">. As a result, liability now also takes into account unauthorized access or disclosure of certain data elements (email addresses, passwords, security questions, etc.). Plus, it has added new provisions related to the establishment of a <\/span><b>new government agency for the enforcement of data privacy laws<\/b><span style=\"font-weight: 400;\"> in California, known as the <\/span><b>California Privacy Protection Agency<\/b><span style=\"font-weight: 400;\">.\u00a0<\/span><\/p>\n<p><em><strong>Related: <a href=\"https:\/\/factorialhr.com\/blog\/california-employment-laws\/\" target=\"_blank\" rel=\"noopener\">California Employment Law explained<\/a><\/strong><\/em><\/p>\n<h2><b>Data protected under the California Privacy Rights Act (CPRA)<\/b><\/h2>\n<p>If you are an employer or small business owner based in or operating within California, you must understand which data the California Privacy Rights Act (CPRA) protects. Essentially, the CPRA covers any personal data that could identify an employee or a consumer.<\/p>\n<p><span style=\"font-weight: 400;\">This includes, but isn\u2019t limited to:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Names<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Email addresses\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Phone numbers<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The contents of phone calls, emails, and text messages<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Social Security Numbers (SSN)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Physical addresses\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Driver&#8217;s license numbers<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">State identification cards<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Passport numbers<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Account login information<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Bank account numbers<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Debit and credit card numbers\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Any data related to geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, or genetic and biometric information<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Any other personally identifiable information<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The CPRA does not classify information that is publicly available from governmental records as personal information.\u00a0<\/span><\/p>\n<h2><b>Changes and expansions under the California Privacy Rights Act (CPRA)<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Let\u2019s take a look now at some of the changes and expansions under the California Privacy Rights Act (CPRA).<\/span><\/p>\n<p><span style=\"font-weight: 400;\">There are <\/span><b>6 main differences between the CCPA and the CPRA<\/b><span style=\"font-weight: 400;\"> that you need to be aware of.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">These relate to:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The criteria for qualifying as a business<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Modified consumer privacy rights<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">A new category of protected data<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The adoption of GDPR principles<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The expansion of the private right of action\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The creation of a new privacy enforcement authority<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Let\u2019s take a look at these points in a bit more detail.<\/span><\/p>\n<h3><b>Criteria for qualifying as a business<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">An important change relates to the criteria for qualifying as a business.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let\u2019s look first at what the guidelines were under the CCPA (changes in bold).<\/span><\/p>\n<p><b>According to the CCPA<\/b><span style=\"font-weight: 400;\">, data privacy provisions applied to all for-profit businesses that met one or more of the following thresholds:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Has an annual gross revenue of over $25 million<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Makes 50% or more of its annual revenue from selling personal data<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Buys, sells, or receives the personal data of 50,000 or more California residents for commercial purposes, alone or jointly.<\/span><\/li>\n<\/ul>\n<p><b>The CPRA has expanded these guidelines<\/b><span style=\"font-weight: 400;\">. The law now applies to for-profit legal entities that meet one or more of the following thresholds:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Has an annual gross revenue of over $25 million<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Makes 50% or more of its annual revenue from selling or sharing personal data<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Buys, sells, receives, <\/span><b>or shares<\/b><span style=\"font-weight: 400;\"> the personal information of <\/span><b>100,000 or more households or consumers<\/b><span style=\"font-weight: 400;\"> annually, alone or jointly<\/span><\/li>\n<\/ul>\n<h3><b>5 modified consumer privacy rights <\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The CPRA has also <\/span><b>modified and expanded the definition of consumer privacy rights<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Previously, the CCPA created 5 specific rights for consumers.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This included the right to:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Know what personal information is collected, used, and shared with third parties, including where it was collected from, why it was collected, and, if sold, to whom.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Delete any collected personal data.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Opt-out of the sale of personal data (if applicable).<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Non-discriminatory treatment for exercising any rights.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Initiate a private cause of action for data breaches.<\/span><\/li>\n<\/ul>\n<p><b>The CPRA has included 2 additional consumer privacy rights:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Firstly, the right to correct inaccurate personal information.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Secondly, the right to limit the disclosure and use of sensitive personal information. This includes stopping their data from being collected and shared along a complex targeted advertising ecosystem (e.g., automated decision-making technology, including profiling).<\/span><\/li>\n<\/ul>\n<h3><b>New category of protected data: SPI<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Another important change relates to the definition of personal data. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">The California Privacy Rights Act (CPRA) has introduced <\/span><b>a new classification of personal information (PI), referred to as <em>sensitive<\/em> personal information (SPI)<\/b><span style=\"font-weight: 400;\">. Moreover, it has also introduced additional use, disclosure, and opt-out requirements relating to sensitive personal information.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">As we mentioned above, according to the CPRA, sensitive personal information includes:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Names<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Email addresses\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Phone numbers<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">The contents of phone calls, emails, and text messages<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Social Security Numbers (SSN)<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Physical addresses\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Driver&#8217;s license numbers<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">State identification cards<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Passport numbers<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Account login information<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Bank account numbers<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Debit and credit card numbers\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Any data related to geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, or genetic and biometric information<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Any other personally identifiable information<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Essentially, if you collect any of this data from your workforce (which you undoubtedly do), then <\/span><b>your employees have the right, under the CPRA, to receive notice of said collection<\/b><span style=\"font-weight: 400;\">. Moreover, they also have <\/span><b>the right to be notified if you sell or share any of this sensitive data<\/b><span style=\"font-weight: 400;\">. Additionally, they have <\/span><b>the right to delete, correct or opt out of data-sharing arrangements<\/b><span style=\"font-weight: 400;\">. What&#8217;s more, if an employee decides to exercise any of these rights, you must comply with their request within 45 days of notification.<\/span><\/p>\n<h3><b>3 GDPR Principles adopted<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Many businesses in California have noted the similarities between the CPRA and Europe\u2019s <\/span><b>General Data Protection Act (GDPR)<\/b><span style=\"font-weight: 400;\">, which came into force in 2018. Generally speaking, they are right. In fact, the CPRA has adopted a number of <\/span><b>GDPR principles<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">These GDPR principles, guided by the concept of <\/span><b>lawfulness, fairness, and transparency<\/b><span style=\"font-weight: 400;\">, relate to:\u00a0<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Data minimization<\/b><span style=\"font-weight: 400;\">: Companies are required to limit the collection of personal data that is deemed directly necessary and relevant to the nature of the business.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Storage limitation<\/b><span style=\"font-weight: 400;\">: Businesses are only permitted to retain and store personal data for a reasonable amount of time.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Purpose limitation<\/b><span style=\"font-weight: 400;\">: Businesses can only collect personal data for explicit, specific, and legitimate disclosed purposes.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This makes it much easier to ensure compliance with both laws if your business is operating in both US and European territories.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Moreover, much like the GDPR, the CPRA also establishes a specific governing body for regulating the provisions of the Act. This body is known as the <\/span><b>California Privacy Protection Agency (CPPA)<\/b><span style=\"font-weight: 400;\">, and it has <\/span><b>full administrative power, authority, and jurisdiction to implement and enforce the CPRA<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<h3><b>Expanded private right of action<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">A further important change relates to a consumer&#8217;s private right of action.<\/span><\/p>\n<p>But, what does this mean?<\/p>\n<p><span style=\"font-weight: 400;\">Basically, the California Privacy Rights Act (CPRA) has expanded the CCPA&#8217;s scope for the <\/span><b>private right of action<\/b><span style=\"font-weight: 400;\">. Under the terms of the new law, <\/span><b>employees and consumers have the right to file a claim if they believe there has been a breach of their personal data<\/b><span style=\"font-weight: 400;\">. Previously, the CCPA included provisions for the private right of action. However, the CPRA has expanded these provisions so that they now also include <\/span><b>additional types of personal information<\/b><span style=\"font-weight: 400;\">. These additional types of personal information include email addresses, security questions and answers, and passwords.\u00a0<\/span><\/p>\n<h3><b>New privacy enforcement authority: CPPA<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">Finally, as we mentioned above, the California Privacy Rights Act (CPRA) includes the establishment of an <\/span><b>official governing body. <\/b>This <span style=\"font-weight: 400;\">governing body is known as the <\/span><a href=\"https:\/\/cppa.ca.gov\/\" target=\"_blank\" rel=\"noopener\"><b>California Privacy Protection Agency (CPPA)<\/b><\/a>\u00a0and it <span style=\"font-weight: 400;\">is directly responsible for regulating the Act. It has the authority to <\/span><b>investigate claims of data privacy breaches and enforce corrective actions<\/b><span style=\"font-weight: 400;\">, including the assignment of <\/span><b>non-compliance penalties<\/b><span style=\"font-weight: 400;\">. Moreover, the CPPA is also responsible for <\/span><b>promoting awareness of the CPRA<\/b><span style=\"font-weight: 400;\"> and has the <\/span><b>power to issue further regulations<\/b><span style=\"font-weight: 400;\"> where applicable.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Previously, the CCPA was enforced by the <\/span><b>California Office of the Attorney General (OAG)<\/b><span style=\"font-weight: 400;\">. Instead, a specific governing body is now exclusively responsible for enforcing the protection of sensitive personal information. This should hopefully result in higher levels of data privacy compliance in the state.\u00a0<\/span><\/p>\n<h2><b>Consumer rights under the California Privacy Rights Act (CPRA)<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Under the terms of the California Privacy Rights Act (CPRA), your <\/span><b>employees and customers have the right to:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Be informed of the data you are collecting and their corresponding rights.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Request that you disclose what sensitive personal information you have collected, and what the specific purpose of collecting this data is.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Correct any sensitive personal information that you hold.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Limit how you use their sensitive personal information unless it is necessary for you to perform the services or provide the goods they are requesting.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Opt out of third-party data sales.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Take legal action if you expose their non-encrypted sensitive personal information.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">File a claim for violations of the CPRA involving the personal information of consumers under the age of 16.\u00a0<\/span><\/li>\n<\/ul>\n<h2><b>Obligations\/requirements for businesses<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">As an employer or business owner, if you qualify under the provisions of the California Privacy Rights Act (CPRA), <\/span><b>you have a number of specific obligations.<\/b><\/p>\n<p>In particular, these obligations mean you have to<span style=\"font-weight: 400;\">:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Provide your customers with notice of their consumer rights in the form of an <\/span><b>&#8220;at time of collection&#8221; privacy policy<\/b><span style=\"font-weight: 400;\">. In the case of employees, you also have an obligation to post an <\/span><b>employee privacy statement<\/b><span style=\"font-weight: 400;\"> in your place of business and ensure your employees understand what personal information you have collected from them.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Honor <\/b><span style=\"font-weight: 400;\">these consumer rights.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Fulfill all your obligations relating to the <\/span><b>disclosure and retention<\/b><span style=\"font-weight: 400;\"> of sensitive personal information.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Facilitate consumer requests relating to the <\/span><b>omission, retraction, or sharing of sensitive personal information<\/b><span style=\"font-weight: 400;\"> unless you specifically require access to this information in order to provide the products or services that a consumer has requested.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Facilitate requests relating to the <\/span><b>disclosure and amendment of sensitive personal information<\/b><span style=\"font-weight: 400;\">.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Implement <\/span><b>security safeguards<\/b><span style=\"font-weight: 400;\">, such as the encryption of sensitive personal information.<\/span><\/li>\n<\/ul>\n<p><a href=\"https:\/\/factorialhr.com\/blog\/2024-free-hr-compliance-calendar\/\" target=\"_blank\" rel=\"noopener\"><img decoding=\"async\" class=\"alignnone wp-image-119836\" src=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2021\/11\/26170005\/hr-compliance-calendar-300x103.png\" alt=\"hr deadlines 2024\" width=\"801\" height=\"275\" srcset=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2021\/11\/26170005\/hr-compliance-calendar-300x103.png 300w, https:\/\/factorialhr.com\/wp-content\/uploads\/2021\/11\/26170005\/hr-compliance-calendar-768x263.png 768w, https:\/\/factorialhr.com\/wp-content\/uploads\/2021\/11\/26170005\/hr-compliance-calendar.png 900w\" sizes=\"(max-width: 801px) 100vw, 801px\" \/><\/a><\/p>\n<h2><b>Enforcement and penalties<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">So, what happens if you don&#8217;t comply with the CPRA?<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In the event of <\/span><b>non-compliance<\/b><span style=\"font-weight: 400;\"> with any of the obligations established by the California Privacy Rights Act (CPRA), <\/span><b>the California Privacy Protection Agency (CPPA) has the right to impose a number of penalties<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p>What are these penalties?<\/p>\n<p><span style=\"font-weight: 400;\">Basically, these include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><b>Civil penalties<\/b><span style=\"font-weight: 400;\"> of up to $7,500 per intentional (willful) violation or $2,500 per unintentional (negligible) violation.<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Damages<\/b><span style=\"font-weight: 400;\">. Consumers are entitled to statutory damages of no less than $100 and no more than $750.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><b>Non-monetary relief<\/b><span style=\"font-weight: 400;\">. If an employee or consumer files a claim for a security breach violation, they are also entitled to seek injunctive or declaratory relief, as well as any other relief the court deems appropriate.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Unquestionably, the best way to avoid these penalties is to implement <\/span><b>standards and procedures that ensure you handle all consumer and employee data in a responsible and ethical manner<\/b><span style=\"font-weight: 400;\">. For example, you should develop stronger <\/span><b>data protection processes and controls<\/b><span style=\"font-weight: 400;\"> and <\/span><b>adapt to any new data privacy compliance requirements<\/b><span style=\"font-weight: 400;\"> that might be included in the Act in the future.\u00a0<\/span><\/p>\n<h2><b>California Privacy Rights Act (CPRA) compliance tips<\/b><span style=\"font-weight: 400;\">\u00a0<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Above all, there are two main aspects you need to consider and evaluate to ensure CPRA compliance:<\/span><i><\/i><\/p>\n<ul>\n<li style=\"font-weight: 400;\"><i><span style=\"font-weight: 400;\">What changes do you need to make to your internal processes, policies, procedures, and systems to ensure ongoing compliance?<\/span><\/i><\/li>\n<li style=\"font-weight: 400;\"><i><span style=\"font-weight: 400;\">How will you notify your customers, partners, and employees of the changes and their additional rights under the CPRA?<\/span><\/i><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Here are a few additional tips to help you with this:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\">The first step is <b>conducting a detailed audit<\/b><span style=\"font-weight: 400;\"> of the data your organization collects. Above all, make sure you <\/span><b>understand the types of data you collect, why you collect it, how you handle it, and how you protect it<\/b><span style=\"font-weight: 400;\">. You should also identify which categories of data are sensitive personal information and consider removing the collection of any data that is not strictly necessary for the purpose of your business.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Secondly, make sure your <\/span><b>employees and customers are aware of their rights <\/b><span style=\"font-weight: 400;\">under this law.<\/span><\/li>\n<li style=\"font-weight: 400;\">Thirdly, <b>review and update your internal processes, policies, procedures, and systems<\/b><span style=\"font-weight: 400;\"> so that they comply with all requirements of the CPRA.<\/span><\/li>\n<li style=\"font-weight: 400;\">Additionally,<b> update your privacy notice<\/b><span style=\"font-weight: 400;\"> so that it aligns with CPRA disclosure requirements.<\/span><\/li>\n<li style=\"font-weight: 400;\">Likewise, it&#8217;s also a good idea to <b>update your contracts<\/b><span style=\"font-weight: 400;\"> with employees, service providers, contractors, and third parties to ensure they include the required CPRA provisions.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Moreover, conduct a comprehensive <\/span><b>privacy and cybersecurity risk assessment<\/b><span style=\"font-weight: 400;\">.<\/span><\/li>\n<li style=\"font-weight: 400;\"><span style=\"font-weight: 400;\">Lastly, use an<\/span><b> encrypted document management system<\/b><span style=\"font-weight: 400;\"> to handle all the SPD that you collect, store, and manage.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Ultimately, by understanding all your obligations under the California Privacy Rights Act (CPRA) and designing a <\/span><b>comprehensive plan of action to ensure compliance<\/b><span style=\"font-weight: 400;\">, you can successfully avoid undesirable enforcement penalties. Above all, this is important because non-compliance can not only damage your company\u2019s finances &#8211; it can also have a negative effect on your brand and reputation.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>There are a number of data privacy laws around the world, including Europe\u2019s GDPR and Canada\u2019s PIPEDA. These laws aim to protect citizens and establish guidelines for how businesses can process and handle personal data. In the US, the most comprehensive state data privacy legislation is the California Privacy Rights Act (CPRA), which became fully<a href=\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/\" class=\"read-more\"> [&#8230;]<\/a><\/p>\n","protected":false},"author":80,"featured_media":90660,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[146],"tags":[],"class_list":["post-90659","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-legal-hr"],"acf":{"topics":"core"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v21.5 (Yoast SEO v21.9.1) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>California Privacy Rights Act (CPRA): Guide for employers<\/title>\n<meta name=\"description\" content=\"Everything you need to know about the California Privacy Rights Act (CPRA) and the California Consumer Privacy Act (CCPA). Learn more!\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"California Privacy Rights Act (CPRA): Guide for employers\" \/>\n<meta property=\"og:description\" content=\"Everything you need to know about the California Privacy Rights Act (CPRA) and the California Consumer Privacy Act (CCPA). Learn more!\" \/>\n<meta property=\"og:url\" content=\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/\" \/>\n<meta property=\"og:site_name\" content=\"Factorial\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/\" \/>\n<meta property=\"article:published_time\" content=\"2023-01-17T19:56:04+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-22T09:31:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/01\/17204127\/California-Privacy-Rights-Act-CPRA.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"830\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Cat Symonds\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@factorialapp\" \/>\n<meta name=\"twitter:site\" content=\"@factorialapp\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Cat Symonds\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/\"},\"author\":{\"name\":\"Cat Symonds\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/39a0e312e3aae9ac2b6461196e8b1620\"},\"headline\":\"California Privacy Rights Act (CPRA): Guide for employers\",\"datePublished\":\"2023-01-17T19:56:04+00:00\",\"dateModified\":\"2024-11-22T09:31:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/\"},\"wordCount\":2760,\"publisher\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#organization\"},\"articleSection\":[\"Legal &amp; Finance\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/\",\"url\":\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/\",\"name\":\"California Privacy Rights Act (CPRA): Guide for employers\",\"isPartOf\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#website\"},\"datePublished\":\"2023-01-17T19:56:04+00:00\",\"dateModified\":\"2024-11-22T09:31:27+00:00\",\"description\":\"Everything you need to know about the California Privacy Rights Act (CPRA) and the California Consumer Privacy Act (CCPA). Learn more!\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#website\",\"url\":\"https:\/\/factorialhr.com\/blog\/\",\"name\":\"Factorial\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/factorialhr.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#organization\",\"name\":\"All-in-one business management software - Factorial\",\"url\":\"https:\/\/factorialhr.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png\",\"contentUrl\":\"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png\",\"width\":946,\"height\":880,\"caption\":\"All-in-one business management software - Factorial\"},\"image\":{\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/\",\"https:\/\/twitter.com\/factorialapp\",\"https:\/\/www.linkedin.com\/company\/factorialhr\",\"https:\/\/www.youtube.com\/@factorialmedia\",\"https:\/\/www.instagram.com\/factorial\/#\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/39a0e312e3aae9ac2b6461196e8b1620\",\"name\":\"Cat Symonds\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/b492f0f89686841665e1c7b5f5b67998?s=96&d=identicon&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/b492f0f89686841665e1c7b5f5b67998?s=96&d=identicon&r=g\",\"caption\":\"Cat Symonds\"},\"description\":\"Cat Symonds is a freelance writer, editor, and translator. Originally from Wales, she studied Spanish and French at the University of Swansea before moving to Barcelona where she lived and worked for 12 years. She has since relocated back to Wales where she continues to build her business, working with clients in Spain and the UK.\u00a0 Cat is the founder of\u00a0The Content CAT: Content And Translation, providing content development and translation services to her clients. She specializes in corporate blogs, articles of interest, ghostwriting, and translation (SP\/FR\/CA into EN), collaborating with a range of companies from a variety of business sectors. She also offers services to a number of NGOs including Oxfam Interm\u00f3n, UNICEF, and Corporate Excellence - Centre for Reputation Leadership.\u00a0 For more information or to contact Cat visit her\u00a0website\u00a0(thecontentcat.com) or send her a message through\u00a0LinkedIn.\",\"sameAs\":[\"http:\/\/www.thecontentcat.com\/\",\"https:\/\/www.linkedin.com\/in\/catsymonds\/\"],\"url\":\"https:\/\/factorialhr.com\/blog\/author\/cat-symonds\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"California Privacy Rights Act (CPRA): Guide for employers","description":"Everything you need to know about the California Privacy Rights Act (CPRA) and the California Consumer Privacy Act (CCPA). Learn more!","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/","og_locale":"en_US","og_type":"article","og_title":"California Privacy Rights Act (CPRA): Guide for employers","og_description":"Everything you need to know about the California Privacy Rights Act (CPRA) and the California Consumer Privacy Act (CCPA). Learn more!","og_url":"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/","og_site_name":"Factorial","article_publisher":"https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/","article_published_time":"2023-01-17T19:56:04+00:00","article_modified_time":"2024-11-22T09:31:27+00:00","og_image":[{"width":830,"height":400,"url":"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/01\/17204127\/California-Privacy-Rights-Act-CPRA.jpg","type":"image\/jpeg"}],"author":"Cat Symonds","twitter_card":"summary_large_image","twitter_creator":"@factorialapp","twitter_site":"@factorialapp","twitter_misc":{"Written by":"Cat Symonds","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/#article","isPartOf":{"@id":"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/"},"author":{"name":"Cat Symonds","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/39a0e312e3aae9ac2b6461196e8b1620"},"headline":"California Privacy Rights Act (CPRA): Guide for employers","datePublished":"2023-01-17T19:56:04+00:00","dateModified":"2024-11-22T09:31:27+00:00","mainEntityOfPage":{"@id":"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/"},"wordCount":2760,"publisher":{"@id":"https:\/\/factorialhr.com\/blog\/#organization"},"articleSection":["Legal &amp; Finance"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/","url":"https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/","name":"California Privacy Rights Act (CPRA): Guide for employers","isPartOf":{"@id":"https:\/\/factorialhr.com\/blog\/#website"},"datePublished":"2023-01-17T19:56:04+00:00","dateModified":"2024-11-22T09:31:27+00:00","description":"Everything you need to know about the California Privacy Rights Act (CPRA) and the California Consumer Privacy Act (CCPA). Learn more!","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/factorialhr.com\/blog\/california-privacy-rights-act-cpra\/"]}]},{"@type":"WebSite","@id":"https:\/\/factorialhr.com\/blog\/#website","url":"https:\/\/factorialhr.com\/blog\/","name":"Factorial","description":"","publisher":{"@id":"https:\/\/factorialhr.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/factorialhr.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/factorialhr.com\/blog\/#organization","name":"All-in-one business management software - Factorial","url":"https:\/\/factorialhr.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png","contentUrl":"https:\/\/factorialhr.com\/wp-content\/uploads\/2023\/07\/18155144\/factorial-logo.png","width":946,"height":880,"caption":"All-in-one business management software - Factorial"},"image":{"@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/people\/Factorial\/100064908455810\/","https:\/\/twitter.com\/factorialapp","https:\/\/www.linkedin.com\/company\/factorialhr","https:\/\/www.youtube.com\/@factorialmedia","https:\/\/www.instagram.com\/factorial\/#"]},{"@type":"Person","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/39a0e312e3aae9ac2b6461196e8b1620","name":"Cat Symonds","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/factorialhr.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/b492f0f89686841665e1c7b5f5b67998?s=96&d=identicon&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b492f0f89686841665e1c7b5f5b67998?s=96&d=identicon&r=g","caption":"Cat Symonds"},"description":"Cat Symonds is a freelance writer, editor, and translator. Originally from Wales, she studied Spanish and French at the University of Swansea before moving to Barcelona where she lived and worked for 12 years. She has since relocated back to Wales where she continues to build her business, working with clients in Spain and the UK.\u00a0 Cat is the founder of\u00a0The Content CAT: Content And Translation, providing content development and translation services to her clients. She specializes in corporate blogs, articles of interest, ghostwriting, and translation (SP\/FR\/CA into EN), collaborating with a range of companies from a variety of business sectors. She also offers services to a number of NGOs including Oxfam Interm\u00f3n, UNICEF, and Corporate Excellence - Centre for Reputation Leadership.\u00a0 For more information or to contact Cat visit her\u00a0website\u00a0(thecontentcat.com) or send her a message through\u00a0LinkedIn.","sameAs":["http:\/\/www.thecontentcat.com\/","https:\/\/www.linkedin.com\/in\/catsymonds\/"],"url":"https:\/\/factorialhr.com\/blog\/author\/cat-symonds\/"}]}},"_links":{"self":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts\/90659"}],"collection":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/users\/80"}],"replies":[{"embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/comments?post=90659"}],"version-history":[{"count":7,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts\/90659\/revisions"}],"predecessor-version":[{"id":145323,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/posts\/90659\/revisions\/145323"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/media\/90660"}],"wp:attachment":[{"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/media?parent=90659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/categories?post=90659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/factorialhr.com\/blog\/wp-json\/wp\/v2\/tags?post=90659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}